Contacting SecDef -- and whatever lag time would have been involved -- had nothing to do with it. Boston TMU contacted NEADS directly, bypassing the normal chain of command that would have involved SecDef. NEADS (a regional center for NORAD) received word from Boston Center TMU at 08:37:52 of a possible hijacking, according to tapes released by NORAD. At about 08:45:02, without speaking with SecDef, Major Kevin Nasypany ordered fighters into the air, vectored to NYC. That's just over seven minutes while they located Nasypany (who was on a morning run), figured out the threat, tried to locate the plane, and finally made the decision to get planes in the air while they continued to search, just in case. In retrospect, it sounds like a long time, but virtually every other hijacking had ended on the ground (whether with a surrender or a shootout), and there was little reason to believe that this would be different.
In any case, the two F-15s were in the air about seven minutes later at 08:52, heading towards NYC at just below Mach 1. They might have been up sooner than that, but even if they had been on hot standby and launched at the time of the first notice to Otis AFB from Boston TMU at about 08:34 and averaged 1200mph (requiring afterburners), it would have taken about 10 minutes to cover the nearly 200 miles between Otis AFB and NYC, and they would have arrived just in time to see the first impact, and would probably not have been able to do anything about the second impact. Flight 93 wouldn't have been able to be intercepted, as the fighters would have been questionable on fuel -- afterburners gulp fuel at prodigious rates.
These could actually be profitable for a practice, depending on how long they take to complete a scan. As part of an annual physical, these could add very little cost to the visit, and insurance companies may be enthusiastic about approving them if they can pick up on serious diseases more quickly. I'm not sure how many patient visits a doctor has each year, but if it's around 5000, and only 10% of them use this, the basic purchase cost could be paid back at less than $20 per visit. I'd be willing to chip in $20 (especially if it's on the insurance company's immediate dime) to know if I have lung cancer or other lung disease long before it would be otherwise detected.
I couldn't tell you. It may be simplistic thinking: if you know someone is going to shoot at you, you consider wearing armor. It may be that they have pride in their work and don't want to have their feelings hurt.
Whatever the case is, neither side gets all that much information prior to the test.
You're presuming that the code in their ATMs is much better. Has anyone done an independent, published code analysis of them where we can compare the results of that to this?
And don't forget that there are still report sections to be released. This may be endemic to the voting machine industry.
Reports like these make me want to bring back the older systems with punch cards. The wholesale move to electronic ballots is a prime example of over-reaction to the discovery of a break in the system (poorly-designed butterfly ballots, pregnant chads, etc), rather than a metered, carefully-evaluated response that addresses the problems found instead of throwing it out wholesale.
I believe that it can be (but not necessarily is) pure incompetence. Most developers that I've met have no business writing code that would be usable in a 'secure' environment, and the pen tests that are now done as a matter of practice on our outward-facing systems routinely rip our devs work to shreds. It's gotten to the point that the developers want to know what methods will be used in the pen tests so that they can protect against them. We in the security group have steadfastly refused to provide them anything other than a timespan when the test will be happening, so that they know not to update code in the middle of it, and so that they can't do targeted coding before-hand.
One of the major problems that I see is that the developers rely far too much on security by obscurity, no matter what the project covers, figuring that if the attacker can't see the code, then he can't see vulnerabilities, and they don't read enough about vulnerability research to understand how critically dangerous this is. They do things like requiring SSL for the front-end session, encrypting the back-end FTP transfer, and splitting off the management interface to an internal server, while leaving the access controls for the database identical for both systems, requiring only short passwords, allowing an inordinate number of password retries, using poor seeding techniques for session IDs, and leaving nearly-default configurations of the web server in place.
I tend not to place as much value in accusations of malice as I do in observations of incompetence. When presented with a result like this from any random company, I am far more likely to attribute it to the latter, unless presented with some fairly strong evidence to the contrary.
I was told to stick to my training, and don't try to get fancy about anything. My training stops at CPR, so intubation is right out.
The question that led to a relatively in-depth discussion about the above points came when I asked about whether CPR was capable of breaking ribs. I was told that it absolutely is possible, and that broken ribs are better than dead bodies.
Infractions are treated like any other violation of the law, except that you do not have the right to a jury trial or court-appointed counsel. You go before a judge, plead guilty or not guilty, and then either pay the fine (if pleading guilty) or have a trial date scheduled. There is still presumption of innocence, you can have counsel present, you can appeal the verdict if found guilty, and the state may only try you once on the same charge. You can skip going before a judge by signing the citation and sending in the fine, which, if you read the fine print, is the same as pleading guilty, and it saves everyone some time and the court some money.
It's my understanding, after a few first aid courses, that the laws in all states have the following in common:
Do not require intervention to assist someone (though notification of authorities may be another matter) unless the person witnessing was at fault
Protect from civil and criminal prosecution those bystanders that attempt to render aid, except when the party is coherent and refuses aid
Require those that do attempt to render aid to continue to do so unless the situation becomes unsafe, the assistance can be turned over to someone of equal or better training, or authorities need to be contacted, after which the assistance must be resumed
Prohibit requiring payment for aid rendered
There may be a few small catches to this, but I don't think most courts will hold against a defendant any good-faith attempt to help someone in distress.
While IDS is still available for use on server equipment, it maxes out well below the 1Gbps levels. The high-end equipment is going to custom-engineered appliances now, with dedicated processors developed specifically for ultra-high-throughput with extremely low latency (for those cases where IDS is in-line). It's not always the overall throughput, though. Many IDS boxes can be brought to their knees with high VoIP throughputs. VoIP in large volumes can spray packets at high throughputs with packet counts that are disproportionately high compared to normal traffic. For example, an average packet size on a network may be 1000 bytes, whereas VoIP may slice that down to a couple of hundred bytes per packet while still sending high overall packet rates, stressing the scanning engine since it has to pay attention to the headers of every packet but doesn't have as much work to do on each payload.
Right now, I'm working with several of the larger IDS companies, and when we ask them about 10Gbps throughput, they all -- every one of them -- hedge their answers. There is work underway, and we have indications that new multi-gig hardware, possibly including line-speed 10Gbps scanning in one or two cases, will be available in the next few months. However, the cost for these units is much, much higher than for a unit that handles 10Gbps aggregate throughput, and so we have some decisions to make regarding placement if we're to keep a proper eye on our network.
I suspect that we'll be seeing 40GBps on the switch interlinks long before I see 10Gbps links to the servers here. There just isn't a major call for quite that much on a regular basis, and the 100Gbps ports are going to be very, very pricey.
Those of us in security are dreading this. IDS/IPS companies are only now dealing efficiently with multi-gigabit solutions for a reasonable price, and no one that I have talked to will do line-speed 10Gbs processing (some boxes can use parallel processing to handle streams from multiple inputs going up to 10Gbps, but not from a single line through a single processor to ensure that attack streams are properly reviewed). I shudder to think of what a 40Gbps stream will be like to monitor.
I have a brand-new Biostar motherboard sitting next to me booting and running from PATA, and a cursory glance over current motherboard models on NewEgg shows that they all have at least one PATA port available to them, which is required because the number of SATA optical drives available was, until relatively recently, pretty small, with only Plextor producing them. Now that you can get them from Sony, Lite-On, etc, I expect to see PATA ports start to drop away, but they're still quite common.
Aside from that, integrated PATA ports have to be bootable, because every major OS now uses installation from optical media. I'd be interested to know which board does not support this.
Actually, Schmeiser routinely used Roundup around power poles and in ditches. That's how he discovered that he had the cross-contamination, as after using Roundup, he realized that some plants survived. After spraying a few more acres and discovering that more than half of the sprayed crop survived, he collected that seed for use in the next season's crop. Schmeiser's crop went from 60% of a few acres to 95% of 1000 acres in one season.
Actually, it was VoIP (early Vonage subscriber), but she had no way of knowing. She had a nice voice, but I have no idea what other attributes she had beyond that.:)
Actually, if you can get past the first level of drones (and sometimes the second level, depending on the company), you'll talk to people who know not only what a packet is, but also can do actual troubleshooting on the modem connection and make some sense of it. I've experienced this with Comcast, Adelphia, and Time-Warner (it was completely absent, so far as I could tell, from MediaOne when they were around); in one case, I got a very thorough explanation of the problem as it related to head-end equipment and what needed to be done to fix it from the tech as she was entering it into the work order.
The problem, of course, is that almost all users that call in don't need more than scripted hand-holding, and those of us that know what we're talking about call in and hit that wall, through which it can be very difficult to find an open window through which to crawl to find a knowledgeable person.
Destruction activities of chemical weapons are overseen by the Organization for Prohibition of Chemical Weapons (OPCW), which inspects and certifies sites at all stages, including the destruction of CW production sites. This was undertaken as a result of the Chemical Weapons Convention (CWC), signed by President Bush in 1993 and ratified by the Senate in 1997. Prior to this, the United States and Russia agreed to inspect and certify each other's disposal work under accords worked out in 1989.
As for the lawsuits, they held up activities at Umatilla, OR; Pine Bluff, AR; Anniston, AL; and Pueblo, CO. There are a couple of other facilities either operational or under construction, and they have been delayed as well. The original plan was to start disposal of the chemical weapons stockpile beginning in the middle 1980s (the first tests were performed around 1981), but due to repeated lawsuits this was not started until Johnston Atoll Chemical Agent Disposal System (JACADS) came online in 1990, taking a decade to finish its work, after which almost everything except the runway on Johnston Atoll was disassembled and removed, and the site turned back into a wildlife sanctuary. A few searches will find many articles about the series of lawsuits that have led to the delays, largely over concerns that the Army was not thorough enough in its protections of local civilians. In some cases, these concerns were justified, and in others they were overblown. This has caused the expected overall cost of the disposal to balloon from $1.7 billion to more than $32 billion, according to the Department of Defense and the GAO.
I was wrong on one point, though. The US was originally granted until 2007 to complete the work, but due to the ongoing lawsuits requested a five-year extension to 2012, the latest date allowed under the CWC. Recently, suggestions were made by the DoD to extend that even further, possibly to 2023. This move has been criticized by both sides of the aisle in Congress, which seems amenable to a small delay beyond 2012, but by and large wants chemical weapons completely out of the US as quickly as possible.
The US is in the process of destroying its remaining chemical and biological weapons, and would be done with it were it not for environmentalist lawsuits. One of the project sites completed its work years ago, and the others should be finished in a few years. The Russians are far behind their own obligations, but are slowly making progress.
The military does not consider soldiers to be disposable. It costs a pretty penny to train each of them, most of which goes to payroll and low-profit items. Even if there are select members of the Executive Branch that do consider them disposable -- and I'm not sure that any of them do at all -- the officers handling tactics very much hate the idea of losing people under their command.
The lack of armor was not a result of not caring, but a miscalculation of the resistance that would be faced. Expectations were that US soldiers would be greeted with open arms -- and they were in most places -- but ineptness in the civilian ranks led to things like clan relationships being ignored, a nearly complete lack of Arabic translators, and a lot of tense people shooting at each other when it wasn't necessary because of cultural and linguistic miscommunication, which, among other things, fueled the nascent insurgency into the guerrilla war that it's become. There were a lot of poor decisions made on the basis of views that were far too optimistic, but I wouldn't characterize it as a result of not valuing the lives of the soldiers.
But all of this aside, where did you get the idea that embryonic stem-cell research could lead to regrowing new limbs? Researchers are just figuring out the very basics of the simplest of tissue restructuring, and the idea of regrowing something as complex as an entire limb is still very much the realm of science fiction. It may well be that eventually this will be possible, but probably not for many years, perhaps decades. And in the meantime, one small silver lining coming out of the casualties is the rapid advance in prosthetics, which are helping not only soldiers but also regular civilians who lose their limbs to accident and disease.
Bush is not against stem cell research in general, but embryonic stem cell research, which itself is legal but not federally-funded. It's an understandable position, though I think those that hold the view that no embryo should ever be destroyed hold a more consistent view. There are no prohibitions on federal funding of adult stem cell research, which has tended to show more promise these days as more work is focused on them, and they're better-understood. States are funding embryonic work, such as California's decade-long, $3 billion bond initiative, which is likely the first of several such financing packages coming from the states. Hurrah for federalism in action.
The plant is paying for the turkey offal, in a way. Turkey offal can still be ground into agricultural feed, so they take a hit there in that they turn it into fuel oil instead of selling it.
However, as mentioned above, they can run a lot of other things through it, including tires, vegetable waste, wood chips, and I think even manure. We'll find out how viable those are when additional plants come online.
How is it inefficient? The primary plant in Carthage, MO, is running at about the efficiency ratio predicted early on, where 85% of the energy content that goes in comes out as high-grade fuel oil. Looking at it from a different perspective, that's 15 parts energy use resulting in 85 parts energy in the oil, or a factor of ~5.7.
There are some numbers that are off about the technology -- the amount of waste usable as input, for example -- but it seems to be an effective method of fuel production.
I've been using Vista since Beta 1, had it as my primary work OS since Beta 2, and have been running Vista-64 since about three days after the code was released to volume customers. With the exception of some older Checkpoint firewall UIs and a lack of Atheros drivers (which a colleague recently found but which I have not tested), all of my work software has loaded just fine. The Atheros drivers don't really bother me because I have an integrated Intel wireless card, I flip to Linux and MADWifi for most wireless security work, and the Checkpoint UIs load fine in VMWare (except FP3, which for some reason won't complete a connection).
I regard Vista as neither as good nor as bad as many people say. It's nothing spectacular, though there are UI improvements that I rather like. (I'm somewhat annoyed that Windows Explorer still does not have a quicker method of creating a new folder than using the context menu, but that's a minor issue.) I don't rush anyone to get it, but I don't recommend that they avoid it on new PCs, either.
I never said that they don't use it, though I can see how my words may have implied that. Compromise of agents has resulted in certain material making it to people that we would rather not have it. If it's well-engineered, this means a potential weakness as the cipher is available for study, but not necessarily crackable. Consider: If you were a cryptographer and had never seen AES before, would capturing me with my implementation automatically open up everyone else to significant risk? The answer is clearly not, because AES is designed such that knowledge of the key material is required.
The number of available cyphertexts can matter, depending on the algorithm; two random cyphertexts may mean little, but 10,000 cyphertexts may open up some possibilities. It matters even more if something is known about them. This was the reason that the NSA has able to crack certain Russian codes. Knowing that a memo comes in a particular format is very valuable, and comparing two memos that have similarities and are known to be encrypted with the same cipher (though usually with different key material -- those doubling up on both have often led to rapid cracks) may lead to information on how the cipher works.
Slashdot Mirror
Contacting SecDef -- and whatever lag time would have been involved -- had nothing to do with it. Boston TMU contacted NEADS directly, bypassing the normal chain of command that would have involved SecDef. NEADS (a regional center for NORAD) received word from Boston Center TMU at 08:37:52 of a possible hijacking, according to tapes released by NORAD. At about 08:45:02, without speaking with SecDef, Major Kevin Nasypany ordered fighters into the air, vectored to NYC. That's just over seven minutes while they located Nasypany (who was on a morning run), figured out the threat, tried to locate the plane, and finally made the decision to get planes in the air while they continued to search, just in case. In retrospect, it sounds like a long time, but virtually every other hijacking had ended on the ground (whether with a surrender or a shootout), and there was little reason to believe that this would be different.
In any case, the two F-15s were in the air about seven minutes later at 08:52, heading towards NYC at just below Mach 1. They might have been up sooner than that, but even if they had been on hot standby and launched at the time of the first notice to Otis AFB from Boston TMU at about 08:34 and averaged 1200mph (requiring afterburners), it would have taken about 10 minutes to cover the nearly 200 miles between Otis AFB and NYC, and they would have arrived just in time to see the first impact, and would probably not have been able to do anything about the second impact. Flight 93 wouldn't have been able to be intercepted, as the fighters would have been questionable on fuel -- afterburners gulp fuel at prodigious rates.
These could actually be profitable for a practice, depending on how long they take to complete a scan. As part of an annual physical, these could add very little cost to the visit, and insurance companies may be enthusiastic about approving them if they can pick up on serious diseases more quickly. I'm not sure how many patient visits a doctor has each year, but if it's around 5000, and only 10% of them use this, the basic purchase cost could be paid back at less than $20 per visit. I'd be willing to chip in $20 (especially if it's on the insurance company's immediate dime) to know if I have lung cancer or other lung disease long before it would be otherwise detected.
I couldn't tell you. It may be simplistic thinking: if you know someone is going to shoot at you, you consider wearing armor. It may be that they have pride in their work and don't want to have their feelings hurt.
Whatever the case is, neither side gets all that much information prior to the test.
You're presuming that the code in their ATMs is much better. Has anyone done an independent, published code analysis of them where we can compare the results of that to this?
And don't forget that there are still report sections to be released. This may be endemic to the voting machine industry.
Reports like these make me want to bring back the older systems with punch cards. The wholesale move to electronic ballots is a prime example of over-reaction to the discovery of a break in the system (poorly-designed butterfly ballots, pregnant chads, etc), rather than a metered, carefully-evaluated response that addresses the problems found instead of throwing it out wholesale.
You're welcome.
And why I deserved an extra three karma points for that, I will never know.
I believe that it can be (but not necessarily is) pure incompetence. Most developers that I've met have no business writing code that would be usable in a 'secure' environment, and the pen tests that are now done as a matter of practice on our outward-facing systems routinely rip our devs work to shreds. It's gotten to the point that the developers want to know what methods will be used in the pen tests so that they can protect against them. We in the security group have steadfastly refused to provide them anything other than a timespan when the test will be happening, so that they know not to update code in the middle of it, and so that they can't do targeted coding before-hand.
One of the major problems that I see is that the developers rely far too much on security by obscurity, no matter what the project covers, figuring that if the attacker can't see the code, then he can't see vulnerabilities, and they don't read enough about vulnerability research to understand how critically dangerous this is. They do things like requiring SSL for the front-end session, encrypting the back-end FTP transfer, and splitting off the management interface to an internal server, while leaving the access controls for the database identical for both systems, requiring only short passwords, allowing an inordinate number of password retries, using poor seeding techniques for session IDs, and leaving nearly-default configurations of the web server in place.
I tend not to place as much value in accusations of malice as I do in observations of incompetence. When presented with a result like this from any random company, I am far more likely to attribute it to the latter, unless presented with some fairly strong evidence to the contrary.
It's a paraphrase from Spaceballs, when the king of Druidia hands over the code to the air shield.
I was told to stick to my training, and don't try to get fancy about anything. My training stops at CPR, so intubation is right out.
The question that led to a relatively in-depth discussion about the above points came when I asked about whether CPR was capable of breaking ribs. I was told that it absolutely is possible, and that broken ribs are better than dead bodies.
Infractions are treated like any other violation of the law, except that you do not have the right to a jury trial or court-appointed counsel. You go before a judge, plead guilty or not guilty, and then either pay the fine (if pleading guilty) or have a trial date scheduled. There is still presumption of innocence, you can have counsel present, you can appeal the verdict if found guilty, and the state may only try you once on the same charge. You can skip going before a judge by signing the citation and sending in the fine, which, if you read the fine print, is the same as pleading guilty, and it saves everyone some time and the court some money.
There may be a few small catches to this, but I don't think most courts will hold against a defendant any good-faith attempt to help someone in distress.
While IDS is still available for use on server equipment, it maxes out well below the 1Gbps levels. The high-end equipment is going to custom-engineered appliances now, with dedicated processors developed specifically for ultra-high-throughput with extremely low latency (for those cases where IDS is in-line). It's not always the overall throughput, though. Many IDS boxes can be brought to their knees with high VoIP throughputs. VoIP in large volumes can spray packets at high throughputs with packet counts that are disproportionately high compared to normal traffic. For example, an average packet size on a network may be 1000 bytes, whereas VoIP may slice that down to a couple of hundred bytes per packet while still sending high overall packet rates, stressing the scanning engine since it has to pay attention to the headers of every packet but doesn't have as much work to do on each payload.
Right now, I'm working with several of the larger IDS companies, and when we ask them about 10Gbps throughput, they all -- every one of them -- hedge their answers. There is work underway, and we have indications that new multi-gig hardware, possibly including line-speed 10Gbps scanning in one or two cases, will be available in the next few months. However, the cost for these units is much, much higher than for a unit that handles 10Gbps aggregate throughput, and so we have some decisions to make regarding placement if we're to keep a proper eye on our network.
I suspect that we'll be seeing 40GBps on the switch interlinks long before I see 10Gbps links to the servers here. There just isn't a major call for quite that much on a regular basis, and the 100Gbps ports are going to be very, very pricey.
Those of us in security are dreading this. IDS/IPS companies are only now dealing efficiently with multi-gigabit solutions for a reasonable price, and no one that I have talked to will do line-speed 10Gbs processing (some boxes can use parallel processing to handle streams from multiple inputs going up to 10Gbps, but not from a single line through a single processor to ensure that attack streams are properly reviewed). I shudder to think of what a 40Gbps stream will be like to monitor.
I have a brand-new Biostar motherboard sitting next to me booting and running from PATA, and a cursory glance over current motherboard models on NewEgg shows that they all have at least one PATA port available to them, which is required because the number of SATA optical drives available was, until relatively recently, pretty small, with only Plextor producing them. Now that you can get them from Sony, Lite-On, etc, I expect to see PATA ports start to drop away, but they're still quite common.
Aside from that, integrated PATA ports have to be bootable, because every major OS now uses installation from optical media. I'd be interested to know which board does not support this.
Actually, Schmeiser routinely used Roundup around power poles and in ditches. That's how he discovered that he had the cross-contamination, as after using Roundup, he realized that some plants survived. After spraying a few more acres and discovering that more than half of the sprayed crop survived, he collected that seed for use in the next season's crop. Schmeiser's crop went from 60% of a few acres to 95% of 1000 acres in one season.
No, the lameness filter zoomed in on your appallingly incorrect quoting.
Actually, it was VoIP (early Vonage subscriber), but she had no way of knowing. She had a nice voice, but I have no idea what other attributes she had beyond that. :)
Actually, if you can get past the first level of drones (and sometimes the second level, depending on the company), you'll talk to people who know not only what a packet is, but also can do actual troubleshooting on the modem connection and make some sense of it. I've experienced this with Comcast, Adelphia, and Time-Warner (it was completely absent, so far as I could tell, from MediaOne when they were around); in one case, I got a very thorough explanation of the problem as it related to head-end equipment and what needed to be done to fix it from the tech as she was entering it into the work order.
The problem, of course, is that almost all users that call in don't need more than scripted hand-holding, and those of us that know what we're talking about call in and hit that wall, through which it can be very difficult to find an open window through which to crawl to find a knowledgeable person.
Destruction activities of chemical weapons are overseen by the Organization for Prohibition of Chemical Weapons (OPCW), which inspects and certifies sites at all stages, including the destruction of CW production sites. This was undertaken as a result of the Chemical Weapons Convention (CWC), signed by President Bush in 1993 and ratified by the Senate in 1997. Prior to this, the United States and Russia agreed to inspect and certify each other's disposal work under accords worked out in 1989.
As for the lawsuits, they held up activities at Umatilla, OR; Pine Bluff, AR; Anniston, AL; and Pueblo, CO. There are a couple of other facilities either operational or under construction, and they have been delayed as well. The original plan was to start disposal of the chemical weapons stockpile beginning in the middle 1980s (the first tests were performed around 1981), but due to repeated lawsuits this was not started until Johnston Atoll Chemical Agent Disposal System (JACADS) came online in 1990, taking a decade to finish its work, after which almost everything except the runway on Johnston Atoll was disassembled and removed, and the site turned back into a wildlife sanctuary. A few searches will find many articles about the series of lawsuits that have led to the delays, largely over concerns that the Army was not thorough enough in its protections of local civilians. In some cases, these concerns were justified, and in others they were overblown. This has caused the expected overall cost of the disposal to balloon from $1.7 billion to more than $32 billion, according to the Department of Defense and the GAO.
I was wrong on one point, though. The US was originally granted until 2007 to complete the work, but due to the ongoing lawsuits requested a five-year extension to 2012, the latest date allowed under the CWC. Recently, suggestions were made by the DoD to extend that even further, possibly to 2023. This move has been criticized by both sides of the aisle in Congress, which seems amenable to a small delay beyond 2012, but by and large wants chemical weapons completely out of the US as quickly as possible.
The US is in the process of destroying its remaining chemical and biological weapons, and would be done with it were it not for environmentalist lawsuits. One of the project sites completed its work years ago, and the others should be finished in a few years. The Russians are far behind their own obligations, but are slowly making progress.
The military does not consider soldiers to be disposable. It costs a pretty penny to train each of them, most of which goes to payroll and low-profit items. Even if there are select members of the Executive Branch that do consider them disposable -- and I'm not sure that any of them do at all -- the officers handling tactics very much hate the idea of losing people under their command.
The lack of armor was not a result of not caring, but a miscalculation of the resistance that would be faced. Expectations were that US soldiers would be greeted with open arms -- and they were in most places -- but ineptness in the civilian ranks led to things like clan relationships being ignored, a nearly complete lack of Arabic translators, and a lot of tense people shooting at each other when it wasn't necessary because of cultural and linguistic miscommunication, which, among other things, fueled the nascent insurgency into the guerrilla war that it's become. There were a lot of poor decisions made on the basis of views that were far too optimistic, but I wouldn't characterize it as a result of not valuing the lives of the soldiers.
But all of this aside, where did you get the idea that embryonic stem-cell research could lead to regrowing new limbs? Researchers are just figuring out the very basics of the simplest of tissue restructuring, and the idea of regrowing something as complex as an entire limb is still very much the realm of science fiction. It may well be that eventually this will be possible, but probably not for many years, perhaps decades. And in the meantime, one small silver lining coming out of the casualties is the rapid advance in prosthetics, which are helping not only soldiers but also regular civilians who lose their limbs to accident and disease.
Bush is not against stem cell research in general, but embryonic stem cell research, which itself is legal but not federally-funded. It's an understandable position, though I think those that hold the view that no embryo should ever be destroyed hold a more consistent view. There are no prohibitions on federal funding of adult stem cell research, which has tended to show more promise these days as more work is focused on them, and they're better-understood. States are funding embryonic work, such as California's decade-long, $3 billion bond initiative, which is likely the first of several such financing packages coming from the states. Hurrah for federalism in action.
The plant is paying for the turkey offal, in a way. Turkey offal can still be ground into agricultural feed, so they take a hit there in that they turn it into fuel oil instead of selling it.
However, as mentioned above, they can run a lot of other things through it, including tires, vegetable waste, wood chips, and I think even manure. We'll find out how viable those are when additional plants come online.
How is it inefficient? The primary plant in Carthage, MO, is running at about the efficiency ratio predicted early on, where 85% of the energy content that goes in comes out as high-grade fuel oil. Looking at it from a different perspective, that's 15 parts energy use resulting in 85 parts energy in the oil, or a factor of ~5.7.
There are some numbers that are off about the technology -- the amount of waste usable as input, for example -- but it seems to be an effective method of fuel production.
I've been using Vista since Beta 1, had it as my primary work OS since Beta 2, and have been running Vista-64 since about three days after the code was released to volume customers. With the exception of some older Checkpoint firewall UIs and a lack of Atheros drivers (which a colleague recently found but which I have not tested), all of my work software has loaded just fine. The Atheros drivers don't really bother me because I have an integrated Intel wireless card, I flip to Linux and MADWifi for most wireless security work, and the Checkpoint UIs load fine in VMWare (except FP3, which for some reason won't complete a connection).
I regard Vista as neither as good nor as bad as many people say. It's nothing spectacular, though there are UI improvements that I rather like. (I'm somewhat annoyed that Windows Explorer still does not have a quicker method of creating a new folder than using the context menu, but that's a minor issue.) I don't rush anyone to get it, but I don't recommend that they avoid it on new PCs, either.
I never said that they don't use it, though I can see how my words may have implied that. Compromise of agents has resulted in certain material making it to people that we would rather not have it. If it's well-engineered, this means a potential weakness as the cipher is available for study, but not necessarily crackable. Consider: If you were a cryptographer and had never seen AES before, would capturing me with my implementation automatically open up everyone else to significant risk? The answer is clearly not, because AES is designed such that knowledge of the key material is required.
The number of available cyphertexts can matter, depending on the algorithm; two random cyphertexts may mean little, but 10,000 cyphertexts may open up some possibilities. It matters even more if something is known about them. This was the reason that the NSA has able to crack certain Russian codes. Knowing that a memo comes in a particular format is very valuable, and comparing two memos that have similarities and are known to be encrypted with the same cipher (though usually with different key material -- those doubling up on both have often led to rapid cracks) may lead to information on how the cipher works.